Support Login
Login  
 

ThreatOps™ for Threat Handling and Response

Home / ThreatOps™ for Threat Handling and Response

The ThreatOps™ solution is designed to accelerate incident response by automatically taking disparate attack information to correlate and display it within one dashboard where attacks can be scored and playbooks created. The playbooks can then be used to create repeatable processes, simplifying incident response. Through 3rd party integration with prevention systems (Firewall, NAC, end-point, SIEM), attacks will automatically be blocked and quarantined, expediting response actions and preventing the attack from continuing to spread through the network. Additionally, the solution empowers customers to threat hunt for forensic artifacts in other parts of the network and confirm that they have eradicated the attack.

Investigation Automation: The ThreatOps Platform works hand-in-hand with the BOTsink engagement server for in-network threat detection, attack analysis, and acceleration of incident response. The ThreatOp Platform, through automation, ingests information from threats detected by the BOTsink engagement server, SIEMs, and other devices, correlating attack data, logs, end-point memory forensics, and use of deception credentials by tracking failed log-ins. Additionally, through the Attivo solution or through integrations with end-point vendors, like ForeScout and McAfee (ePO), threat hunting can be activated to find the root cause of the infection. This approach provides a more complete picture of the attack and ultimately reduces false positives and investigation time, thereby simplifying overall incident response.

Adaptive Deception: The ThreatOps Platform uses advanced analytics to profile the attackers and dynamically deploy deception of indistinguishable quality and redirect attackers to decoys where specific activities can be tracked to the level of details needed by other security solutions in the network for detection and remediation. This severely impacts attackers by making them spin meaningless cycles in a deception maze.

Collaboration: The ThreatOps Platform is designed to provide a single source for the security team to review correlated attack information and to collaborate on incident response. Collaboration allows teams to see real threats they might have missed on their own from a partial view of threat activity throughout the network. Additionally, it creates a consolidated environment for InfoSec teams to post IR activities and comments so that data can be easily shared and not lost in transition or over time.

Scoring and Playbook Automation: Once the attack has been analyzed, the threat is scored and playbooks created based on the security policies of an organization. This helps customers prioritize threat response and creates playbooks for repeatable processes when the same attack is seen in the future. Automated playbooks not only reduce incident response time, but also the skill set required to respond to future attacks.

Automated Incident Response Handling: Based on the security organization’s policies and playbooks, through 3rd party integration, the correlated attack information can be automatically shared with prevention and detection systems to block and isolate an attack for quick handling and remediation.

Remediation: Providing the complete picture needed for swift and effective incident response, a trouble ticket is generated by ThreatOps. It can then be integrated with applications such as ServiceNow or Jira to give the IT Help Desk information on exactly what is needed for immediate remediation of an infected system or unit.

Read the ThreatOps Solution Brief

Benefits of the ThreatOps Solution:

  • Incident scoring and playbooks for repeatable processes
  • Automatic quarantine and attack blocking with 3rd party integrations
  • Threat hunting through Attivo and NAC integration

Read White Paper:  Distributed Deception Platforms for Automating Incident Response

  • “We did a red team test and my team came back and said, WOW! This thing (ThreadDefend) is good. It kept our red team busy for a long time.”

    , Snr Director Info Sec at Top 50 Retail Organization

  • “The most important thing you do is provide me alerts based on confirmed activity… you are my eyes and ears on the inside of my network.. the nerve center”

    , Snr Director Info Sec at Top 50 Retail Organization

  • “Deception is the first technology I’ve seen in over a decade that truly has the potential to turn the table on the attacker”

    Top 5 Retail Company , Assistant CISO

  • “Attivo is low effort, high impact”

    Major Finance and Accounting firm, CISO

  • “Attackers only have to be right once, while security people have to be right all the time… Deception flips that paradigm… now the criminals need to be right all of the time too”…”flawless deployment, and was done without any assistance from Attivo!”

    DJ Goldsworth, Director Security Operations and Threat Management, Aflac

  • Only 30% of global healthcare organisations have not been hit by a data breach, according to the 2018 Thales healthcare data threat report, issued in partnership with 451 Research.

    Thales Healthcare Data Threat Report

  • "The ThreatDefend™ Deception and Response Platform is a powerful security control for an active defense, which provides early threat detection and changes the asymmetry against attackers.”

    Laura Dyrda Becker, Health IT & CIO Review

  • "Designed for the most sophisticated human and automated attackers, the Attivo Networks deception technology is proven at global scale by Fortune 500 customers to accurately and efficiently detect threats.”

    Laura Dyrda Becker, Health IT & CIO Review

  • “The Attivo Botsink solution was rigorously tested and validated by BD to tailor their protection technologies to work with our medical technologies, rather than being introduced as an afterthought.”

    Becton Dickinson

  • "The big takeaway from our research is that more investment is needed in both security operations staff and in security tools, which can help companies efficiently and accurately detect and respond to security incidents. The time to detect an advanced threat is far too long; attackers are getting in and staying long enough that the damage caused is often irreparable."

    Dr. Larry Ponemon, Chairman and Founder at the Ponemon Institute

  • "This is the age-old approach to zero-day malware exploits. Once you have something running on your systems, if you don't do something to prevent the attackers from escalating their rights, then that's the keys to the kingdom."

    Ken Ammon, Chief Strategy Officer at Security Firm Xceedium

  • “Anything that the facility is capable of in its natural operating system, you’re [an attacker] capable of doing—and doing damage with if you control the network,”

    Robert Lee, a security researcher and active-duty U.S. Air Force Cyber Warfare Operations Officer

  • 1 in 5 incidents at healthcare organizations are still being identified by external sources such as patients whose information was compromised or by a law enforcement agency.

  • A “one-size-fits-all” model doesn’t apply when protecting key information. Financial Institutions should hold business executives accountable for protecting the crown jewels in the same manner, as they are accountable for financial results.

  • All it takes is one breach and you would have paid for your entire (breach detection) product.

    Mike Spanbauer , Vice President of Research, NSS Labs.

  • It’s striking how many layers of obfuscation that the group adopts. These groups are innovating and becoming more creative.

    Jennifer Weedon, FireEye Strategic Analysis Manager

  • 17,000 malware alerts per week 40% of malware goes undetected

    Fred Donovan , Fierce IT security

  • In a recent survey Holding the Line Against Cyber Threats: Critical Infrastructure Readiness

    • (72%) said that the threat level of attacks was escalating
    • (89%) of the respondents experienced at least one attack on a system within their organization, which they deemed secure, over the past three years
    • Fifty-nine percent of respondents stated that at least one of these attacks resulted in physical damage.

  • Deception as an automated responsive mechanism represents a sea change in the capabilities of the future of IT security that product managers or security programs should not take lightly.

    Lawrence Pingree, Gartner Research Director

  • There's two kinds of CIOs: ones who have been hacked and know it, and those who have been hacked and don't yet realize it. But the reality is, you've been hacked,

    Tony Scott, Federal CIO

  • The total average cost of a data breach is now $3.8 million, up from$3.5 million a year ago, according to a study by data security research organization Ponemon Institute.

    Paid for by International Business Machines Corp.May 27, 2015